mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-29 02:45:06 +00:00
Code Activity

New operators (#2543)

Browse source 
* added anyin operator

Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>

* allin, anynotin, allnotin added

Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>

* added operator handler info

Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>

* fixes typos and variable names

Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>

* reusing code from in.go in new operators

Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>

* Added more test cases for new operators

Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>

* updated openapiv3schema

Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>

* matching logic

Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>

* added deprecated tag for In and NotIn

Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>
This commit is contained in:
Anushka Mittal 2021-10-27 05:59:42 +05:30 committed by GitHub
parent 3aa6d8d42f
commit 08a3087100
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
19 changed files with 1129 additions and 132 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
api/swaggerDoc.go
View file

@ -7805,11 +7805,11 @@ const SwaggerDoc = `
"type": "string"
},
"operator": {
"description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.",
"description": "Represents a key's relationship to a set of values. Valid operators are In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn Exists, DoesNotExist. Gt, and Lt.",
"type": "string"
},
"values": {
"description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.",
"description": "An array of string values. If the operator is In, AnyIn, AllIn, NotIn, AnyNotIn or AllNotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.",
"items": {
"type": "string"
},
@ -9871,7 +9871,7 @@ const SwaggerDoc = `
"description": "A scoped-resource selector requirement is a selector that contains values, a scope name, and an operator that relates the scope name and values.",
"properties": {
"operator": {
"description": "Represents a scope's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist.",
"description": "Represents a scope's relationship to a set of values. Valid operators are In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn Exists, DoesNotExist.",
"type": "string"
},
"scopeName": {
@ -9879,7 +9879,7 @@ const SwaggerDoc = `
"type": "string"
},
"values": {
"description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.",
"description": "An array of string values. If the operator is In, AnyIn, AllIn, NotIn, AnyNotIn or AllNotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.",
"items": {
"type": "string"
},
@ -18882,11 +18882,11 @@ const SwaggerDoc = `
"x-kubernetes-patch-strategy": "merge"
},
"operator": {
"description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.",
"description": "operator represents a key's relationship to a set of values. Valid operators are In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn Exists and DoesNotExist.",
"type": "string"
},
"values": {
"description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.",
"description": "values is an array of string values. If the operator is In, AnyIn, AllIn, NotIn, AnyNotIn or AllNotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.",
"items": {
"type": "string"
},

16
charts/kyverno/templates/crds.yaml
View file

@ -1396,7 +1396,7 @@ spec:
description: key is the label key that the selector applies to.
type: string
operator:
description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
description: operator represents a key's relationship to a set of values. Valid operators are In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn Exists and DoesNotExist.
type: string
values:
description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
@ -1505,7 +1505,7 @@ spec:
description: key is the label key that the selector applies to.
type: string
operator:
description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
description: operator represents a key's relationship to a set of values. Valid operators are In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn Exists and DoesNotExist.
type: string
values:
description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
@ -1617,7 +1617,7 @@ spec:
description: key is the label key that the selector applies to.
type: string
operator:
description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
description: operator represents a key's relationship to a set of values. Valid operators are In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn Exists and DoesNotExist.
type: string
values:
description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
@ -1744,7 +1744,7 @@ spec:
description: key is the label key that the selector applies to.
type: string
operator:
description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
description: operator represents a key's relationship to a set of values. Valid operators are In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn Exists and DoesNotExist.
type: string
values:
description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
@ -3864,7 +3864,7 @@ spec:
description: key is the label key that the selector applies to.
type: string
operator:
description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
description: operator represents a key's relationship to a set of values. Valid operators are In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn Exists and DoesNotExist.
type: string
values:
description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
@ -3973,7 +3973,7 @@ spec:
description: key is the label key that the selector applies to.
type: string
operator:
description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
description: operator represents a key's relationship to a set of values. Valid operators are In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn Exists and DoesNotExist.
type: string
values:
description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
@ -4085,7 +4085,7 @@ spec:
description: key is the label key that the selector applies to.
type: string
operator:
description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
description: operator represents a key's relationship to a set of values. Valid operators are In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn Exists and DoesNotExist.
type: string
values:
description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
@ -4212,7 +4212,7 @@ spec:
description: key is the label key that the selector applies to.
type: string
operator:
description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
description: operator represents a key's relationship to a set of values. Valid operators are In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn Exists and DoesNotExist.
type: string
values:
description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.

42
definitions/crds/kyverno.io_clusterpolicies.yaml
View file

@ -1530,12 +1530,17 @@ spec:
operator:
description: Operator is the operation to
perform. Valid operators are Equals, NotEquals,
In and NotIn.
In, AnyIn, AllIn and NotIn, AnyNotIn,
AllNotIn.
enum:
- Equals
- NotEquals
- In
- AnyIn
- AllIn
- NotIn
- AnyNotIn
- AllNotIn
- GreaterThanOrEquals
- GreaterThan
- LessThanOrEquals
@ -1571,12 +1576,17 @@ spec:
operator:
description: Operator is the operation to
perform. Valid operators are Equals, NotEquals,
In and NotIn.
In, AnyIn, AllIn and NotIn, AnyNotIn,
AllNotIn.
enum:
- Equals
- NotEquals
- In
- AnyIn
- AllIn
- NotIn
- AnyNotIn
- AllNotIn
- GreaterThanOrEquals
- GreaterThan
- LessThanOrEquals
@ -1778,12 +1788,17 @@ spec:
operator:
description: Operator is the operation to
perform. Valid operators are Equals, NotEquals,
In and NotIn.
In, AnyIn, AllIn and NotIn, AnyNotIn,
AllNotIn.
enum:
- Equals
- NotEquals
- In
- AnyIn
- AllIn
- NotIn
- AnyNotIn
- AllNotIn
- GreaterThanOrEquals
- GreaterThan
- LessThanOrEquals
@ -1819,12 +1834,17 @@ spec:
operator:
description: Operator is the operation to
perform. Valid operators are Equals, NotEquals,
In and NotIn.
In, AnyIn, AllIn and NotIn, AnyNotIn,
AllNotIn.
enum:
- Equals
- NotEquals
- In
- AnyIn
- AllIn
- NotIn
- AnyNotIn
- AllNotIn
- GreaterThanOrEquals
- GreaterThan
- LessThanOrEquals
@ -1908,12 +1928,17 @@ spec:
operator:
description: Operator is the operation
to perform. Valid operators are Equals,
NotEquals, In and NotIn.
NotEquals, In, AnyIn, AllIn and NotIn,
AnyNotIn, AllNotIn.
enum:
- Equals
- NotEquals
- In
- AnyIn
- AllIn
- NotIn
- AnyNotIn
- AllNotIn
- GreaterThanOrEquals
- GreaterThan
- LessThanOrEquals
@ -1950,12 +1975,17 @@ spec:
operator:
description: Operator is the operation
to perform. Valid operators are Equals,
NotEquals, In and NotIn.
NotEquals, In, AnyIn, AllIn and NotIn,
AnyNotIn, AllNotIn.
enum:
- Equals
- NotEquals
- In
- AnyIn
- AllIn
- NotIn
- AnyNotIn
- AllNotIn
- GreaterThanOrEquals
- GreaterThan
- LessThanOrEquals

42
definitions/crds/kyverno.io_policies.yaml
View file

@ -1531,12 +1531,17 @@ spec:
operator:
description: Operator is the operation to
perform. Valid operators are Equals, NotEquals,
In and NotIn.
In, AnyIn, AllIn and NotIn, AnyNotIn,
AllNotIn.
enum:
- Equals
- NotEquals
- In
- AnyIn
- AllIn
- NotIn
- AnyNotIn
- AllNotIn
- GreaterThanOrEquals
- GreaterThan
- LessThanOrEquals
@ -1572,12 +1577,17 @@ spec:
operator:
description: Operator is the operation to
perform. Valid operators are Equals, NotEquals,
In and NotIn.
In, AnyIn, AllIn and NotIn, AnyNotIn,
AllNotIn.
enum:
- Equals
- NotEquals
- In
- AnyIn
- AllIn
- NotIn
- AnyNotIn
- AllNotIn
- GreaterThanOrEquals
- GreaterThan
- LessThanOrEquals
@ -1779,12 +1789,17 @@ spec:
operator:
description: Operator is the operation to
perform. Valid operators are Equals, NotEquals,
In and NotIn.
In, AnyIn, AllIn and NotIn, AnyNotIn,
AllNotIn.
enum:
- Equals
- NotEquals
- In
- AnyIn
- AllIn
- NotIn
- AnyNotIn
- AllNotIn
- GreaterThanOrEquals
- GreaterThan
- LessThanOrEquals
@ -1820,12 +1835,17 @@ spec:
operator:
description: Operator is the operation to
perform. Valid operators are Equals, NotEquals,
In and NotIn.
In, AnyIn, AllIn and NotIn, AnyNotIn,
AllNotIn.
enum:
- Equals
- NotEquals
- In
- AnyIn
- AllIn
- NotIn
- AnyNotIn
- AllNotIn
- GreaterThanOrEquals
- GreaterThan
- LessThanOrEquals
@ -1909,12 +1929,17 @@ spec:
operator:
description: Operator is the operation
to perform. Valid operators are Equals,
NotEquals, In and NotIn.
NotEquals, In, AnyIn, AllIn and NotIn,
AnyNotIn, AllNotIn.
enum:
- Equals
- NotEquals
- In
- AnyIn
- AllIn
- NotIn
- AnyNotIn
- AllNotIn
- GreaterThanOrEquals
- GreaterThan
- LessThanOrEquals
@ -1951,12 +1976,17 @@ spec:
operator:
description: Operator is the operation
to perform. Valid operators are Equals,
NotEquals, In and NotIn.
NotEquals, In, AnyIn, AllIn and NotIn,
AnyNotIn, AllNotIn.
enum:
- Equals
- NotEquals
- In
- AnyIn
- AllIn
- NotIn
- AnyNotIn
- AllNotIn
- GreaterThanOrEquals
- GreaterThan
- LessThanOrEquals

8
definitions/crds/wgpolicyk8s.io_clusterpolicyreports.yaml
View file

@ -106,7 +106,7 @@ spec:
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In, NotIn, Exists
to a set of values. Valid operators are In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn Exists
and DoesNotExist.
type: string
values:
@ -277,7 +277,7 @@ spec:
type: string
operator:
description: operator represents a key's relationship to a set
of values. Valid operators are In, NotIn, Exists and DoesNotExist.
of values. Valid operators are In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn Exists and DoesNotExist.
type: string
values:
description: values is an array of string values. If the operator
@ -418,7 +418,7 @@ spec:
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In, NotIn, Exists
to a set of values. Valid operators are In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn Exists
and DoesNotExist.
type: string
values:
@ -614,7 +614,7 @@ spec:
type: string
operator:
description: operator represents a key's relationship to a set
of values. Valid operators are In, NotIn, Exists and DoesNotExist.
of values. Valid operators are In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn Exists and DoesNotExist.
type: string
values:
description: values is an array of string values. If the operator

8
definitions/crds/wgpolicyk8s.io_policyreports.yaml
View file

@ -105,7 +105,7 @@ spec:
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In, NotIn, Exists
to a set of values. Valid operators are In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn Exists
and DoesNotExist.
type: string
values:
@ -276,7 +276,7 @@ spec:
type: string
operator:
description: operator represents a key's relationship to a set
of values. Valid operators are In, NotIn, Exists and DoesNotExist.
of values. Valid operators are In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn Exists and DoesNotExist.
type: string
values:
description: values is an array of string values. If the operator
@ -416,7 +416,7 @@ spec:
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In, NotIn, Exists
to a set of values. Valid operators are In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn Exists
and DoesNotExist.
type: string
values:
@ -612,7 +612,7 @@ spec:
type: string
operator:
description: operator represents a key's relationship to a set
of values. Valid operators are In, NotIn, Exists and DoesNotExist.
of values. Valid operators are In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn Exists and DoesNotExist.
type: string
values:
description: values is an array of string values. If the operator

28
definitions/install.yaml
View file

@ -2175,8 +2175,8 @@ spec:
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In, NotIn, Exists
and DoesNotExist.
to a set of values. Valid operators are In, AnyIn, AllIn,
NotIn, AnyNotIn, AllNotIn Exists and DoesNotExist.
type: string
values:
description: values is an array of string values. If the
@ -2346,7 +2346,8 @@ spec:
type: string
operator:
description: operator represents a key's relationship to a set
of values. Valid operators are In, NotIn, Exists and DoesNotExist.
of values. Valid operators are In, AnyIn, AllIn, NotIn, AnyNotIn,
AllNotIn Exists and DoesNotExist.
type: string
values:
description: values is an array of string values. If the operator
@ -2487,8 +2488,8 @@ spec:
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In, NotIn, Exists
and DoesNotExist.
to a set of values. Valid operators are In, AnyIn, AllIn,
NotIn, AnyNotIn, AllNotIn Exists and DoesNotExist.
type: string
values:
description: values is an array of string values. If the
@ -2683,7 +2684,8 @@ spec:
type: string
operator:
description: operator represents a key's relationship to a set
of values. Valid operators are In, NotIn, Exists and DoesNotExist.
of values. Valid operators are In, AnyIn, AllIn, NotIn, AnyNotIn,
AllNotIn Exists and DoesNotExist.
type: string
values:
description: values is an array of string values. If the operator
@ -5785,8 +5787,8 @@ spec:
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In, NotIn, Exists
and DoesNotExist.
to a set of values. Valid operators are In, AnyIn, AllIn,
NotIn, AnyNotIn, AllNotIn Exists and DoesNotExist.
type: string
values:
description: values is an array of string values. If the
@ -5956,7 +5958,8 @@ spec:
type: string
operator:
description: operator represents a key's relationship to a set
of values. Valid operators are In, NotIn, Exists and DoesNotExist.
of values. Valid operators are In, AnyIn, AllIn, NotIn, AnyNotIn,
AllNotIn Exists and DoesNotExist.
type: string
values:
description: values is an array of string values. If the operator
@ -6096,8 +6099,8 @@ spec:
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In, NotIn, Exists
and DoesNotExist.
to a set of values. Valid operators are In, AnyIn, AllIn,
NotIn, AnyNotIn, AllNotIn Exists and DoesNotExist.
type: string
values:
description: values is an array of string values. If the
@ -6292,7 +6295,8 @@ spec:
type: string
operator:
description: operator represents a key's relationship to a set
of values. Valid operators are In, NotIn, Exists and DoesNotExist.
of values. Valid operators are In, AnyIn, AllIn, NotIn, AnyNotIn,
AllNotIn Exists and DoesNotExist.
type: string
values:
description: values is an array of string values. If the operator

28
definitions/install_debug.yaml
View file

@ -2155,8 +2155,8 @@ spec:
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In, NotIn, Exists
and DoesNotExist.
to a set of values. Valid operators are In, AnyIn, AllIn,
NotIn, AnyNotIn, AllNotIn Exists and DoesNotExist.
type: string
values:
description: values is an array of string values. If the
@ -2326,7 +2326,8 @@ spec:
type: string
operator:
description: operator represents a key's relationship to a set
of values. Valid operators are In, NotIn, Exists and DoesNotExist.
of values. Valid operators are In, AnyIn, AllIn, NotIn, AnyNotIn,
AllNotIn Exists and DoesNotExist.
type: string
values:
description: values is an array of string values. If the operator
@ -2467,8 +2468,8 @@ spec:
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In, NotIn, Exists
and DoesNotExist.
to a set of values. Valid operators are In, AnyIn, AllIn,
NotIn, AnyNotIn, AllNotIn Exists and DoesNotExist.
type: string
values:
description: values is an array of string values. If the
@ -2663,7 +2664,8 @@ spec:
type: string
operator:
description: operator represents a key's relationship to a set
of values. Valid operators are In, NotIn, Exists and DoesNotExist.
of values. Valid operators are In, AnyIn, AllIn, NotIn, AnyNotIn,
AllNotIn Exists and DoesNotExist.
type: string
values:
description: values is an array of string values. If the operator
@ -5737,8 +5739,8 @@ spec:
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In, NotIn, Exists
and DoesNotExist.
to a set of values. Valid operators are In, AnyIn, AllIn,
NotIn, AnyNotIn, AllNotIn Exists and DoesNotExist.
type: string
values:
description: values is an array of string values. If the
@ -5908,7 +5910,8 @@ spec:
type: string
operator:
description: operator represents a key's relationship to a set
of values. Valid operators are In, NotIn, Exists and DoesNotExist.
of values. Valid operators are In, AnyIn, AllIn, NotIn, AnyNotIn,
AllNotIn Exists and DoesNotExist.
type: string
values:
description: values is an array of string values. If the operator
@ -6048,8 +6051,8 @@ spec:
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In, NotIn, Exists
and DoesNotExist.
to a set of values. Valid operators are In, AnyIn, AllIn,
NotIn, AnyNotIn, AllNotIn Exists and DoesNotExist.
type: string
values:
description: values is an array of string values. If the
@ -6244,7 +6247,8 @@ spec:
type: string
operator:
description: operator represents a key's relationship to a set
of values. Valid operators are In, NotIn, Exists and DoesNotExist.
of values. Valid operators are In, AnyIn, AllIn, NotIn, AnyNotIn,
AllNotIn Exists and DoesNotExist.
type: string
values:
description: values is an array of string values. If the operator

128
definitions/release/install.yaml
View file

@ -225,12 +225,12 @@ spec:
operator:
description: operator represents a key's
relationship to a set of values. Valid
operators are In, NotIn, Exists and
operators are In, AnyIn, AllIn, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn AnyNotIn, AllNotIn, Exists and
DoesNotExist.
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
values. If the operator is In, AnyIn, AllIn, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn AnyNotIn or AllNotIn
the values array must be non-empty.
If the operator is Exists or DoesNotExist,
the values array must be empty. This
@ -290,12 +290,12 @@ spec:
operator:
description: operator represents a key's
relationship to a set of values. Valid
operators are In, NotIn, Exists and
operators are In, AnyIn, AllIn, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn AnyNotIn, AllNotIn, Exists and
DoesNotExist.
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
values. If the operator is In, AnyIn, AllIn, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn AnyNotIn, AllNotIn
the values array must be non-empty.
If the operator is Exists or DoesNotExist,
the values array must be empty. This
@ -440,12 +440,12 @@ spec:
operator:
description: operator represents a key's
relationship to a set of values. Valid
operators are In, NotIn, Exists and
operators are In, AnyIn, AllIn, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn AnyNotIn, AllNotIn, Exists and
DoesNotExist.
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
values. If the operator is In, AnyIn, AllIn, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn AnyNotIn or AllNotIn
the values array must be non-empty.
If the operator is Exists or DoesNotExist,
the values array must be empty. This
@ -505,12 +505,12 @@ spec:
operator:
description: operator represents a key's
relationship to a set of values. Valid
operators are In, NotIn, Exists and
operators are In, AnyIn, AllIn, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn AnyNotIn, AllNotIn, Exists and
DoesNotExist.
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
values. If the operator is In, AnyIn, AllIn, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn AnyNotIn or AllNotIn
the values array must be non-empty.
If the operator is Exists or DoesNotExist,
the values array must be empty. This
@ -645,11 +645,11 @@ spec:
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are
In, NotIn, Exists and DoesNotExist.
In, AnyIn, AllIn, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn AnyNotIn, AllNotIn, Exists and DoesNotExist..
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
values. If the operator is In, AnyIn, AllIn, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn AnyNotIn or AllNotIn
the values array must be non-empty. If the
operator is Exists or DoesNotExist, the
values array must be empty. This array is
@ -704,11 +704,11 @@ spec:
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are
In, NotIn, Exists and DoesNotExist.
In, AnyIn, AllIn, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn AnyNotIn, AllNotIn, Exists and DoesNotExist.
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
values. If the operator is In, AnyIn, AllIn, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn AnyNotIn or AllNotIn
the values array must be non-empty. If the
operator is Exists or DoesNotExist, the
values array must be empty. This array is
@ -900,12 +900,12 @@ spec:
operator:
description: operator represents a key's
relationship to a set of values. Valid
operators are In, NotIn, Exists and
operators are In, AnyIn, AllIn, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn AnyNotIn, AllNotIn, Exists and
DoesNotExist.
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
values. If the operator is In, AnyIn, AllIn, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn AnyNotIn or AllNotIn
the values array must be non-empty.
If the operator is Exists or DoesNotExist,
the values array must be empty. This
@ -965,12 +965,12 @@ spec:
operator:
description: operator represents a key's
relationship to a set of values. Valid
operators are In, NotIn, Exists and
operators are In, AnyIn, AllIn, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn AnyNotIn, AllNotIn, Exists and
DoesNotExist.
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
values. If the operator is In, AnyIn, AllIn, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn AnyNotIn or AllNotIn,
the values array must be non-empty.
If the operator is Exists or DoesNotExist,
the values array must be empty. This
@ -1115,12 +1115,12 @@ spec:
operator:
description: operator represents a key's
relationship to a set of values. Valid
operators are In, NotIn, Exists and
operators are In, AnyIn, AllIn, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn AnyNotIn, AllNotIn, Exists and
DoesNotExist.
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
values. If the operator is In, AnyIn, AllIn, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn AnyNotIn or AllNotIn,
the values array must be non-empty.
If the operator is Exists or DoesNotExist,
the values array must be empty. This
@ -1180,12 +1180,12 @@ spec:
operator:
description: operator represents a key's
relationship to a set of values. Valid
operators are In, NotIn, Exists and
operators are In, AnyIn, AllIn, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn AnyNotIn, AllNotIn, Exists and
DoesNotExist.
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
values. If the operator is In, AnyIn, AllIn, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn AnyNotIn or AllNotIn,
the values array must be non-empty.
If the operator is Exists or DoesNotExist,
the values array must be empty. This
@ -1321,11 +1321,11 @@ spec:
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are
In, NotIn, Exists and DoesNotExist.
In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn Exists and DoesNotExist.
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
values. If the operator is In, AnyIn, AllIn, NotIn, AnyNotIn or AllNotIn,
the values array must be non-empty. If the
operator is Exists or DoesNotExist, the
values array must be empty. This array is
@ -1380,11 +1380,11 @@ spec:
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are
In, NotIn, Exists and DoesNotExist.
In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn Exists and DoesNotExist.
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
values. If the operator is In, AnyIn, AllIn, NotIn, AnyNotIn or AllNotIn,
the values array must be non-empty. If the
operator is Exists or DoesNotExist, the
values array must be empty. This array is
@ -2175,7 +2175,7 @@ spec:
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In, NotIn, Exists
to a set of values. Valid operators are In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn Exists
and DoesNotExist.
type: string
values:
@ -2346,7 +2346,7 @@ spec:
type: string
operator:
description: operator represents a key's relationship to a set
of values. Valid operators are In, NotIn, Exists and DoesNotExist.
of values. Valid operators are In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn Exists and DoesNotExist.
type: string
values:
description: values is an array of string values. If the operator
@ -2487,7 +2487,7 @@ spec:
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In, NotIn, Exists
to a set of values. Valid operators are In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn Exists
and DoesNotExist.
type: string
values:
@ -2683,7 +2683,7 @@ spec:
type: string
operator:
description: operator represents a key's relationship to a set
of values. Valid operators are In, NotIn, Exists and DoesNotExist.
of values. Valid operators are In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn Exists and DoesNotExist.
type: string
values:
description: values is an array of string values. If the operator
@ -2856,7 +2856,7 @@ spec:
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In, NotIn, Exists
to a set of values. Valid operators are In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn Exists
and DoesNotExist.
type: string
values:
@ -3027,7 +3027,7 @@ spec:
type: string
operator:
description: operator represents a key's relationship to a set
of values. Valid operators are In, NotIn, Exists and DoesNotExist.
of values. Valid operators are In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn Exists and DoesNotExist.
type: string
values:
description: values is an array of string values. If the operator
@ -3168,7 +3168,7 @@ spec:
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In, NotIn, Exists
to a set of values. Valid operators are In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn Exists
and DoesNotExist.
type: string
values:
@ -3364,7 +3364,7 @@ spec:
type: string
operator:
description: operator represents a key's relationship to a set
of values. Valid operators are In, NotIn, Exists and DoesNotExist.
of values. Valid operators are In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn Exists and DoesNotExist.
type: string
values:
description: values is an array of string values. If the operator
@ -3835,12 +3835,12 @@ spec:
operator:
description: operator represents a key's
relationship to a set of values. Valid
operators are In, NotIn, Exists and
operators are In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn Exists and
DoesNotExist.
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
values. If the operator is In, AnyIn, AllIn, NotIn, AnyNotIn or AllNotIn,
the values array must be non-empty.
If the operator is Exists or DoesNotExist,
the values array must be empty. This
@ -3900,12 +3900,12 @@ spec:
operator:
description: operator represents a key's
relationship to a set of values. Valid
operators are In, NotIn, Exists and
operators are In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn Exists and
DoesNotExist.
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
values. If the operator is In, AnyIn, AllIn, NotIn, AnyNotIn or AllNotIn,
the values array must be non-empty.
If the operator is Exists or DoesNotExist,
the values array must be empty. This
@ -4050,12 +4050,12 @@ spec:
operator:
description: operator represents a key's
relationship to a set of values. Valid
operators are In, NotIn, Exists and
operators are In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn Exists and
DoesNotExist.
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
values. If the operator is In, AnyIn, AllIn, NotIn, AnyNotIn or AllNotIn,
the values array must be non-empty.
If the operator is Exists or DoesNotExist,
the values array must be empty. This
@ -4115,12 +4115,12 @@ spec:
operator:
description: operator represents a key's
relationship to a set of values. Valid
operators are In, NotIn, Exists and
operators are In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn Exists and
DoesNotExist.
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
values. If the operator is In, AnyIn, AllIn, NotIn, AnyNotIn or AllNotIn,
the values array must be non-empty.
If the operator is Exists or DoesNotExist,
the values array must be empty. This
@ -4255,11 +4255,11 @@ spec:
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are
In, NotIn, Exists and DoesNotExist.
In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn Exists and DoesNotExist.
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
values. If the operator is In, AnyIn, AllIn, NotIn, AnyNotIn or AllNotIn,
the values array must be non-empty. If the
operator is Exists or DoesNotExist, the
values array must be empty. This array is
@ -4314,11 +4314,11 @@ spec:
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are
In, NotIn, Exists and DoesNotExist.
In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn Exists and DoesNotExist.
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
values. If the operator is In, AnyIn, AllIn, NotIn, AnyNotIn or AllNotIn,
the values array must be non-empty. If the
operator is Exists or DoesNotExist, the
values array must be empty. This array is
@ -4510,12 +4510,12 @@ spec:
operator:
description: operator represents a key's
relationship to a set of values. Valid
operators are In, NotIn, Exists and
operators are In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn Exists and
DoesNotExist.
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
values. If the operator is In, AnyIn, AllIn, NotIn, AnyNotIn or AllNotIn,
the values array must be non-empty.
If the operator is Exists or DoesNotExist,
the values array must be empty. This
@ -4575,12 +4575,12 @@ spec:
operator:
description: operator represents a key's
relationship to a set of values. Valid
operators are In, NotIn, Exists and
operators are In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn Exists and
DoesNotExist.
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
values. If the operator is In, AnyIn, AllIn, NotIn, AnyNotIn or AllNotIn,
the values array must be non-empty.
If the operator is Exists or DoesNotExist,
the values array must be empty. This
@ -4725,12 +4725,12 @@ spec:
operator:
description: operator represents a key's
relationship to a set of values. Valid
operators are In, NotIn, Exists and
operators are In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn Exists and
DoesNotExist.
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
values. If the operator is In, AnyIn, AllIn, NotIn, AnyNotIn or AllNotIn,
the values array must be non-empty.
If the operator is Exists or DoesNotExist,
the values array must be empty. This
@ -4790,12 +4790,12 @@ spec:
operator:
description: operator represents a key's
relationship to a set of values. Valid
operators are In, NotIn, Exists and
operators are In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn Exists and
DoesNotExist.
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
values. If the operator is In, AnyIn, AllIn, NotIn, AnyNotIn or AllNotIn,
the values array must be non-empty.
If the operator is Exists or DoesNotExist,
the values array must be empty. This
@ -4931,11 +4931,11 @@ spec:
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are
In, NotIn, Exists and DoesNotExist.
In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn Exists and DoesNotExist.
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
values. If the operator is In, AnyIn, AllIn, NotIn, AnyNotIn or AllNotIn,
the values array must be non-empty. If the
operator is Exists or DoesNotExist, the
values array must be empty. This array is
@ -4990,11 +4990,11 @@ spec:
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are
In, NotIn, Exists and DoesNotExist.
In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn Exists and DoesNotExist.
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
values. If the operator is In, AnyIn, AllIn, NotIn, AnyNotIn or AllNotIn,
the values array must be non-empty. If the
operator is Exists or DoesNotExist, the
values array must be empty. This array is
@ -5785,7 +5785,7 @@ spec:
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In, NotIn, Exists
to a set of values. Valid operators are In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn Exists
and DoesNotExist.
type: string
values:
@ -5956,7 +5956,7 @@ spec:
type: string
operator:
description: operator represents a key's relationship to a set
of values. Valid operators are In, NotIn, Exists and DoesNotExist.
of values. Valid operators are In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn Exists and DoesNotExist.
type: string
values:
description: values is an array of string values. If the operator
@ -6096,7 +6096,7 @@ spec:
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In, NotIn, Exists
to a set of values. Valid operators are In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn Exists
and DoesNotExist.
type: string
values:
@ -6292,7 +6292,7 @@ spec:
type: string
operator:
description: operator represents a key's relationship to a set
of values. Valid operators are In, NotIn, Exists and DoesNotExist.
of values. Valid operators are In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn Exists and DoesNotExist.
type: string
values:
description: values is an array of string values. If the operator
@ -6465,7 +6465,7 @@ spec:
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In, NotIn, Exists
to a set of values. Valid operators are In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn Exists
and DoesNotExist.
type: string
values:
@ -6636,7 +6636,7 @@ spec:
type: string
operator:
description: operator represents a key's relationship to a set
of values. Valid operators are In, NotIn, Exists and DoesNotExist.
of values. Valid operators are In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn Exists and DoesNotExist.
type: string
values:
description: values is an array of string values. If the operator
@ -6777,7 +6777,7 @@ spec:
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In, NotIn, Exists
to a set of values. Valid operators are In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn Exists
and DoesNotExist.
type: string
values:
@ -6973,7 +6973,7 @@ spec:
type: string
operator:
description: operator represents a key's relationship to a set
of values. Valid operators are In, NotIn, Exists and DoesNotExist.
of values. Valid operators are In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn Exists and DoesNotExist.
type: string
values:
description: values is an array of string values. If the operator

12
pkg/api/kyverno/v1/policy_types.go
View file

@ -207,7 +207,7 @@ type Condition struct {
Key apiextensions.JSON `json:"key,omitempty" yaml:"key,omitempty"`
// Operator is the operation to perform. Valid operators
// are Equals, NotEquals, In and NotIn.
// are Equals, NotEquals, In, AnyIn, AllIn and NotIn, AnyNotIn, AllNotIn.
Operator ConditionOperator `json:"operator,omitempty" yaml:"operator,omitempty"`
// Value is the conditional value, or set of values. The values can be fixed set
@ -218,7 +218,7 @@ type Condition struct {
}
// ConditionOperator is the operation performed on condition key and value.
// +kubebuilder:validation:Enum=Equals;NotEquals;In;NotIn;GreaterThanOrEquals;GreaterThan;LessThanOrEquals;LessThan;DurationGreaterThanOrEquals;DurationGreaterThan;DurationLessThanOrEquals;DurationLessThan
// +kubebuilder:validation:Enum=Equals;NotEquals;In;AnyIn;AllIn;NotIn;AnyNotIn;AllNotIn;GreaterThanOrEquals;GreaterThan;LessThanOrEquals;LessThan;DurationGreaterThanOrEquals;DurationGreaterThan;DurationLessThanOrEquals;DurationLessThan
type ConditionOperator string
const (
@ -234,8 +234,16 @@ const (
NotEquals ConditionOperator = "NotEquals"
// In evaluates if the key is contained in the set of values.
In ConditionOperator = "In"
// AnyIn evaluates if any of the keys are contained in the set of values.
AnyIn ConditionOperator = "AnyIn"
// AllIn evaluates if all the keys are contained in the set of values.
AllIn ConditionOperator = "AllIn"
// NotIn evaluates if the key is not contained in the set of values.
NotIn ConditionOperator = "NotIn"
// AnyNotIn evaluates if any of the keys are not contained in the set of values.
AnyNotIn ConditionOperator = "AnyNotIn"
// AllNotIn evaluates if all the keys are not contained in the set of values.
AllNotIn ConditionOperator = "AllNotIn"
// GreaterThanOrEquals evaluates if the key (numeric) is greater than or equal to the value (numeric).
GreaterThanOrEquals ConditionOperator = "GreaterThanOrEquals"
// GreaterThan evaluates if the key (numeric) is greater than the value (numeric).

438
pkg/engine/variables/evaluate_test.go
View file

@ -1810,6 +1810,250 @@ func Test_Eval_In_String_Set_Fail(t *testing.T) {
}
}
func Test_Eval_AnyIn_String_Set_Pass1(t *testing.T) {
ctx := context.NewContext()
key := [2]string{"1.1.1.1", "5.5.5.5"}
keyInterface := make([]interface{}, len(key))
for i := range key {
keyInterface[i] = key[i]
}
value := [3]string{"1.1.1.1", "2.2.2.2", "3.3.3.3"}
valueInterface := make([]interface{}, len(value))
for i := range value {
valueInterface[i] = value[i]
}
condition := kyverno.Condition{
Key: keyInterface,
Operator: kyverno.AnyIn,
Value: valueInterface,
}
if !Evaluate(log.Log, ctx, condition) {
t.Error("expected to pass")
}
}
func Test_Eval_AnyIn_String_Set_Pass2(t *testing.T) {
ctx := context.NewContext()
key := [3]string{"1.1.1.1", "5.5.5.5", "2.2.2.2"}
keyInterface := make([]interface{}, len(key))
for i := range key {
keyInterface[i] = key[i]
}
value := [2]string{"2.2.2.2", "3.3.3.3"}
valueInterface := make([]interface{}, len(value))
for i := range value {
valueInterface[i] = value[i]
}
condition := kyverno.Condition{
Key: keyInterface,
Operator: kyverno.AnyIn,
Value: valueInterface,
}
if !Evaluate(log.Log, ctx, condition) {
t.Error("expected to pass")
}
}
func Test_Eval_AnyIn_String_Set_Pass3(t *testing.T) {
ctx := context.NewContext()
key := [1]string{"1.1.1.1"}
keyInterface := make([]interface{}, len(key))
for i := range key {
keyInterface[i] = key[i]
}
value := [3]string{"1.1.1.1", "2.2.2.2", "3.3.3.3"}
valueInterface := make([]interface{}, len(value))
for i := range value {
valueInterface[i] = value[i]
}
condition := kyverno.Condition{
Key: keyInterface,
Operator: kyverno.AnyIn,
Value: valueInterface,
}
if !Evaluate(log.Log, ctx, condition) {
t.Error("expected to pass")
}
}
func Test_Eval_AnyIn_String_Set_Fail1(t *testing.T) {
ctx := context.NewContext()
key := [2]string{"5.5.5.5", "4.4.4.4"}
keyInterface := make([]interface{}, len(key), len(key))
for i := range key {
keyInterface[i] = key[i]
}
value := [3]string{"1.1.1.1", "2.2.2.2", "3.3.3.3"}
valueInterface := make([]interface{}, len(value))
for i := range value {
valueInterface[i] = value[i]
}
condition := kyverno.Condition{
Key: keyInterface,
Operator: kyverno.AnyIn,
Value: valueInterface,
}
if Evaluate(log.Log, ctx, condition) {
t.Error("expected to fail")
}
}
func Test_Eval_AnyIn_String_Set_Fail2(t *testing.T) {
ctx := context.NewContext()
key := [2]string{"5.5.5.5"}
keyInterface := make([]interface{}, len(key), len(key))
for i := range key {
keyInterface[i] = key[i]
}
value := [3]string{"1.1.1.1", "2.2.2.2", "3.3.3.3"}
valueInterface := make([]interface{}, len(value))
for i := range value {
valueInterface[i] = value[i]
}
condition := kyverno.Condition{
Key: keyInterface,
Operator: kyverno.AnyIn,
Value: valueInterface,
}
if Evaluate(log.Log, ctx, condition) {
t.Error("expected to fail")
}
}
func Test_Eval_AllIn_String_Set_Pass1(t *testing.T) {
ctx := context.NewContext()
key := [2]string{"1.1.1.1", "3.3.3.3"}
keyInterface := make([]interface{}, len(key))
for i := range key {
keyInterface[i] = key[i]
}
value := [3]string{"1.1.1.1", "2.2.2.2", "3.3.3.3"}
valueInterface := make([]interface{}, len(value))
for i := range value {
valueInterface[i] = value[i]
}
condition := kyverno.Condition{
Key: keyInterface,
Operator: kyverno.AllIn,
Value: valueInterface,
}
if !Evaluate(log.Log, ctx, condition) {
t.Error("expected to pass")
}
}
func Test_Eval_AllIn_String_Set_Pass2(t *testing.T) {
ctx := context.NewContext()
key := [1]string{"1.1.1.1"}
keyInterface := make([]interface{}, len(key))
for i := range key {
keyInterface[i] = key[i]
}
value := [3]string{"1.1.1.1", "2.2.2.2", "3.3.3.3"}
valueInterface := make([]interface{}, len(value))
for i := range value {
valueInterface[i] = value[i]
}
condition := kyverno.Condition{
Key: keyInterface,
Operator: kyverno.AllIn,
Value: valueInterface,
}
if !Evaluate(log.Log, ctx, condition) {
t.Error("expected to pass")
}
}
func Test_Eval_AllIn_String_Set_Fail1(t *testing.T) {
ctx := context.NewContext()
key := [2]string{"5.5.5.5", "4.4.4.4"}
keyInterface := make([]interface{}, len(key), len(key))
for i := range key {
keyInterface[i] = key[i]
}
value := [3]string{"1.1.1.1", "2.2.2.2", "3.3.3.3"}
valueInterface := make([]interface{}, len(value))
for i := range value {
valueInterface[i] = value[i]
}
condition := kyverno.Condition{
Key: keyInterface,
Operator: kyverno.AllIn,
Value: valueInterface,
}
if Evaluate(log.Log, ctx, condition) {
t.Error("expected to fail")
}
}
func Test_Eval_AllIn_String_Set_Fail2(t *testing.T) {
ctx := context.NewContext()
key := [2]string{"5.5.5.5"}
keyInterface := make([]interface{}, len(key))
for i := range key {
keyInterface[i] = key[i]
}
value := [3]string{"1.1.1.1", "2.2.2.2", "3.3.3.3"}
valueInterface := make([]interface{}, len(value))
for i := range value {
valueInterface[i] = value[i]
}
condition := kyverno.Condition{
Key: keyInterface,
Operator: kyverno.AllIn,
Value: valueInterface,
}
if Evaluate(log.Log, ctx, condition) {
t.Error("expected to fail")
}
}
func Test_Eval_AllIn_String_Set_Fail3(t *testing.T) {
ctx := context.NewContext()
key := [2]string{"1.1.1.1", "4.4.4.4"}
keyInterface := make([]interface{}, len(key))
for i := range key {
keyInterface[i] = key[i]
}
value := [3]string{"1.1.1.1", "2.2.2.2", "3.3.3.3"}
valueInterface := make([]interface{}, len(value))
for i := range value {
valueInterface[i] = value[i]
}
condition := kyverno.Condition{
Key: keyInterface,
Operator: kyverno.AllIn,
Value: valueInterface,
}
if Evaluate(log.Log, ctx, condition) {
t.Error("expected to fail")
}
}
// test passes if ONE of the values in "key" is NOT in "value" ("key" is not a subset of "value")
func Test_Eval_NotIn_String_Set_Pass(t *testing.T) {
ctx := context.NewContext()
@ -1859,3 +2103,197 @@ func Test_Eval_NotIn_String_Set_Fail(t *testing.T) {
t.Error("expected to fail")
}
}
func Test_Eval_AnyNotIn_String_Set_Pass1(t *testing.T) {
ctx := context.NewContext()
key := [3]string{"1.1.1.1", "4.4.4.4", "5.5.5.5"}
keyInterface := make([]interface{}, len(key))
for i := range key {
keyInterface[i] = key[i]
}
value := [3]string{"1.1.1.1", "2.2.2.2", "3.3.3.3"}
valueInterface := make([]interface{}, len(value))
for i := range value {
valueInterface[i] = value[i]
}
condition := kyverno.Condition{
Key: keyInterface,
Operator: kyverno.AnyNotIn,
Value: valueInterface,
}
if !Evaluate(log.Log, ctx, condition) {
t.Error("expected to pass")
}
}
func Test_Eval_AnyNotIn_String_Set_Pass2(t *testing.T) {
ctx := context.NewContext()
key := [1]string{"4.4.4.4"}
keyInterface := make([]interface{}, len(key))
for i := range key {
keyInterface[i] = key[i]
}
value := [3]string{"1.1.1.1", "2.2.2.2", "3.3.3.3"}
valueInterface := make([]interface{}, len(value))
for i := range value {
valueInterface[i] = value[i]
}
condition := kyverno.Condition{
Key: keyInterface,
Operator: kyverno.AnyNotIn,
Value: valueInterface,
}
if !Evaluate(log.Log, ctx, condition) {
t.Error("expected to pass")
}
}
func Test_Eval_AnyNotIn_String_Set_Pass3(t *testing.T) {
ctx := context.NewContext()
key := [3]string{"1.1.1.1", "2.2.2.2", "3.3.3.3"}
keyInterface := make([]interface{}, len(key))
for i := range key {
keyInterface[i] = key[i]
}
value := [1]string{"1.1.1.1"}
valueInterface := make([]interface{}, len(value))
for i := range value {
valueInterface[i] = value[i]
}
condition := kyverno.Condition{
Key: keyInterface,
Operator: kyverno.AnyNotIn,
Value: valueInterface,
}
if !Evaluate(log.Log, ctx, condition) {
t.Error("expected to pass")
}
}
// test passes if ALL of the values in "key" are in "value" ("key" is a subset of "value")
func Test_Eval_AnyNotIn_String_Set_Fail1(t *testing.T) {
ctx := context.NewContext()
key := [2]string{"1.1.1.1", "2.2.2.2"}
keyInterface := make([]interface{}, len(key))
for i := range key {
keyInterface[i] = key[i]
}
value := [3]string{"1.1.1.1", "2.2.2.2", "3.3.3.3"}
valueInterface := make([]interface{}, len(value))
for i := range value {
valueInterface[i] = value[i]
}
condition := kyverno.Condition{
Key: keyInterface,
Operator: kyverno.AnyNotIn,
Value: valueInterface,
}
if Evaluate(log.Log, ctx, condition) {
t.Error("expected to fail")
}
}
func Test_Eval_AllNotIn_String_Set_Pass1(t *testing.T) {
ctx := context.NewContext()
key := [2]string{"4.4.4.4", "5.5.5.5"}
keyInterface := make([]interface{}, len(key))
for i := range key {
keyInterface[i] = key[i]
}
value := [3]string{"1.1.1.1", "2.2.2.2", "3.3.3.3"}
valueInterface := make([]interface{}, len(value))
for i := range value {
valueInterface[i] = value[i]
}
condition := kyverno.Condition{
Key: keyInterface,
Operator: kyverno.AllNotIn,
Value: valueInterface,
}
if !Evaluate(log.Log, ctx, condition) {
t.Error("expected to pass")
}
}
func Test_Eval_AllNotIn_String_Set_Pass2(t *testing.T) {
ctx := context.NewContext()
key := [2]string{"4.4.4.4", "5.5.5.5"}
keyInterface := make([]interface{}, len(key))
for i := range key {
keyInterface[i] = key[i]
}
value := [1]string{"1.1.1.1"}
valueInterface := make([]interface{}, len(value))
for i := range value {
valueInterface[i] = value[i]
}
condition := kyverno.Condition{
Key: keyInterface,
Operator: kyverno.AllNotIn,
Value: valueInterface,
}
if !Evaluate(log.Log, ctx, condition) {
t.Error("expected to pass")
}
}
// test passes if ALL of the values in "key" are in "value" ("key" is a subset of "value")
func Test_Eval_AllNotIn_String_Set_Fail1(t *testing.T) {
ctx := context.NewContext()
key := [2]string{"1.1.1.1", "2.2.2.2"}
keyInterface := make([]interface{}, len(key))
for i := range key {
keyInterface[i] = key[i]
}
value := [3]string{"1.1.1.1", "2.2.2.2", "3.3.3.3"}
valueInterface := make([]interface{}, len(value))
for i := range value {
valueInterface[i] = value[i]
}
condition := kyverno.Condition{
Key: keyInterface,
Operator: kyverno.AllNotIn,
Value: valueInterface,
}
if Evaluate(log.Log, ctx, condition) {
t.Error("expected to fail")
}
}
func Test_Eval_AllNotIn_String_Set_Fail2(t *testing.T) {
ctx := context.NewContext()
key := [2]string{"1.1.1.1", "5.5.5.5"}
keyInterface := make([]interface{}, len(key))
for i := range key {
keyInterface[i] = key[i]
}
value := [3]string{"1.1.1.1", "2.2.2.2", "3.3.3.3"}
valueInterface := make([]interface{}, len(value))
for i := range value {
valueInterface[i] = value[i]
}
condition := kyverno.Condition{
Key: keyInterface,
Operator: kyverno.AllNotIn,
Value: valueInterface,
}
if Evaluate(log.Log, ctx, condition) {
t.Error("expected to fail")
}
}

155
pkg/engine/variables/operator/allin.go Normal file
View file

@ -0,0 +1,155 @@
package operator
import (
"encoding/json"
"fmt"
"github.com/go-logr/logr"
"github.com/kyverno/kyverno/pkg/engine/context"
"github.com/minio/pkg/wildcard"
)
//NewAllInHandler returns handler to manage AllIn operations
func NewAllInHandler(log logr.Logger, ctx context.EvalInterface) OperatorHandler {
return AllInHandler{
ctx: ctx,
log: log,
}
}
//AllInHandler provides implementation to handle AllIn Operator
type AllInHandler struct {
ctx context.EvalInterface
log logr.Logger
}
//Evaluate evaluates expression with AllIn Operator
func (allin AllInHandler) Evaluate(key, value interface{}) bool {
switch typedKey := key.(type) {
case string:
return allin.validateValueWithStringPattern(typedKey, value)
case []interface{}:
var stringSlice []string
for _, v := range typedKey {
stringSlice = append(stringSlice, v.(string))
}
return allin.validateValueWithStringSetPattern(stringSlice, value)
default:
allin.log.Info("Unsupported type", "value", typedKey, "type", fmt.Sprintf("%T", typedKey))
return false
}
}
func (allin AllInHandler) validateValueWithStringPattern(key string, value interface{}) (keyExists bool) {
invalidType, keyExists := keyExistsInArray(key, value, allin.log)
if invalidType {
allin.log.Info("expected type []string", "value", value, "type", fmt.Sprintf("%T", value))
return false
}
return keyExists
}
func (allin AllInHandler) validateValueWithStringSetPattern(key []string, value interface{}) (keyExists bool) {
invalidType, isAllIn := allSetExistsInArray(key, value, allin.log, false)
if invalidType {
allin.log.Info("expected type []string", "value", value, "type", fmt.Sprintf("%T", value))
return false
}
return isAllIn
}
// allsetExistsInArray checks if all key is a subset of value
// The value can be a string, an array of strings, or a JSON format
// array of strings (e.g. ["val1", "val2", "val3"].
// allnotIn argument if set to true will check for allNotIn
func allSetExistsInArray(key []string, value interface{}, log logr.Logger, allNotIn bool) (invalidType bool, keyExists bool) {
switch valuesAvailable := value.(type) {
case []interface{}:
var valueSlice []string
for _, val := range valuesAvailable {
v, ok := val.(string)
if !ok {
return true, false
}
valueSlice = append(valueSlice, v)
}
if allNotIn {
return false, isAllNotIn(key, valueSlice)
}
return false, isAllIn(key, valueSlice)
case string:
if len(key) == 1 && key[0] == valuesAvailable {
return false, true
}
var arr []string
if err := json.Unmarshal([]byte(valuesAvailable), &arr); err != nil {
log.Error(err, "failed to unmarshal value to JSON string array", "key", key, "value", value)
return true, false
}
if allNotIn {
return false, isAllNotIn(key, arr)
}
return false, isAllIn(key, arr)
default:
return true, false
}
}
// isAllIn checks if all values in S1 are in S2
func isAllIn(key []string, value []string) bool {
found := 0
for _, valKey := range key {
for _, valValue := range value {
if wildcard.Match(valKey, valValue) {
found++
break
}
}
}
if found == len(key) {
return true
} else {
return false
}
}
// isAllNotIn checks if all the values in S1 are not in S2
func isAllNotIn(key []string, value []string) bool {
for _, valKey := range key {
for _, valValue := range value {
if wildcard.Match(valKey, valValue) {
return false
}
}
}
return true
}
func (allin AllInHandler) validateValueWithBoolPattern(_ bool, _ interface{}) bool {
return false
}
func (allin AllInHandler) validateValueWithIntPattern(_ int64, _ interface{}) bool {
return false
}
func (allin AllInHandler) validateValueWithFloatPattern(_ float64, _ interface{}) bool {
return false
}
func (allin AllInHandler) validateValueWithMapPattern(_ map[string]interface{}, _ interface{}) bool {
return false
}
func (allin AllInHandler) validateValueWithSlicePattern(_ []interface{}, _ interface{}) bool {
return false
}

79
pkg/engine/variables/operator/allnotin.go Normal file
View file

@ -0,0 +1,79 @@
package operator
import (
"fmt"
"github.com/go-logr/logr"
"github.com/kyverno/kyverno/pkg/engine/context"
)
//NewAllNotInHandler returns handler to manage AllNotIn operations
func NewAllNotInHandler(log logr.Logger, ctx context.EvalInterface) OperatorHandler {
return AllNotInHandler{
ctx: ctx,
log: log,
}
}
//AllNotInHandler provides implementation to handle AllNotIn Operator
type AllNotInHandler struct {
ctx context.EvalInterface
log logr.Logger
}
//Evaluate evaluates expression with AllNotIn Operator
func (allnin AllNotInHandler) Evaluate(key, value interface{}) bool {
switch typedKey := key.(type) {
case string:
return allnin.validateValueWithStringPattern(typedKey, value)
case []interface{}:
var stringSlice []string
for _, v := range typedKey {
stringSlice = append(stringSlice, v.(string))
}
return allnin.validateValueWithStringSetPattern(stringSlice, value)
default:
allnin.log.Info("Unsupported type", "value", typedKey, "type", fmt.Sprintf("%T", typedKey))
return false
}
}
func (allnin AllNotInHandler) validateValueWithStringPattern(key string, value interface{}) bool {
invalidType, keyExists := keyExistsInArray(key, value, allnin.log)
if invalidType {
allnin.log.Info("expected type []string", "value", value, "type", fmt.Sprintf("%T", value))
return false
}
return !keyExists
}
func (allnin AllNotInHandler) validateValueWithStringSetPattern(key []string, value interface{}) bool {
invalidType, isNotIn := allSetExistsInArray(key, value, allnin.log, true)
if invalidType {
allnin.log.Info("expected type []string", "value", value, "type", fmt.Sprintf("%T", value))
return false
}
return isNotIn
}
func (allnin AllNotInHandler) validateValueWithBoolPattern(_ bool, _ interface{}) bool {
return false
}
func (allnin AllNotInHandler) validateValueWithIntPattern(_ int64, _ interface{}) bool {
return false
}
func (allnin AllNotInHandler) validateValueWithFloatPattern(_ float64, _ interface{}) bool {
return false
}
func (allnin AllNotInHandler) validateValueWithMapPattern(_ map[string]interface{}, _ interface{}) bool {
return false
}
func (allnin AllNotInHandler) validateValueWithSlicePattern(_ []interface{}, _ interface{}) bool {
return false
}

154
pkg/engine/variables/operator/anyin.go Normal file
View file

@ -0,0 +1,154 @@
package operator
import (
"encoding/json"
"fmt"
"github.com/go-logr/logr"
"github.com/kyverno/kyverno/pkg/engine/context"
"github.com/minio/pkg/wildcard"
)
//NewAnyInHandler returns handler to manage AnyIn operations
func NewAnyInHandler(log logr.Logger, ctx context.EvalInterface) OperatorHandler {
return AnyInHandler{
ctx: ctx,
log: log,
}
}
//AnyInHandler provides implementation to handle AnyIn Operator
type AnyInHandler struct {
ctx context.EvalInterface
log logr.Logger
}
//Evaluate evaluates expression with AnyIn Operator
func (anyin AnyInHandler) Evaluate(key, value interface{}) bool {
switch typedKey := key.(type) {
case string:
return anyin.validateValueWithStringPattern(typedKey, value)
case []interface{}:
var stringSlice []string
for _, v := range typedKey {
stringSlice = append(stringSlice, v.(string))
}
return anyin.validateValueWithStringSetPattern(stringSlice, value)
default:
anyin.log.Info("Unsupported type", "value", typedKey, "type", fmt.Sprintf("%T", typedKey))
return false
}
}
func (anyin AnyInHandler) validateValueWithStringPattern(key string, value interface{}) (keyExists bool) {
invalidType, keyExists := keyExistsInArray(key, value, anyin.log)
if invalidType {
anyin.log.Info("expected type []string", "value", value, "type", fmt.Sprintf("%T", value))
return false
}
return keyExists
}
func (anyin AnyInHandler) validateValueWithStringSetPattern(key []string, value interface{}) (keyExists bool) {
invalidType, isAnyIn := anySetExistsInArray(key, value, anyin.log, false)
if invalidType {
anyin.log.Info("expected type []string", "value", value, "type", fmt.Sprintf("%T", value))
return false
}
return isAnyIn
}
// anysetExistsInArray checks if any key is a subset of value
// The value can be a string, an array of strings, or a JSON format
// array of strings (e.g. ["val1", "val2", "val3"].
// notIn argument if set to true will check for NotIn
func anySetExistsInArray(key []string, value interface{}, log logr.Logger, anyNotIn bool) (invalidType bool, keyExists bool) {
switch valuesAvailable := value.(type) {
case []interface{}:
var valueSlice []string
for _, val := range valuesAvailable {
v, ok := val.(string)
if !ok {
return true, false
}
valueSlice = append(valueSlice, v)
}
if anyNotIn {
return false, isAnyNotIn(key, valueSlice)
}
return false, isAnyIn(key, valueSlice)
case string:
if len(key) == 1 && key[0] == valuesAvailable {
return false, true
}
var arr []string
if err := json.Unmarshal([]byte(valuesAvailable), &arr); err != nil {
log.Error(err, "failed to unmarshal value to JSON string array", "key", key, "value", value)
return true, false
}
if anyNotIn {
return false, isAnyNotIn(key, arr)
}
return false, isAnyIn(key, arr)
default:
return true, false
}
}
// isAnyIn checks if any values in S1 are in S2
func isAnyIn(key []string, value []string) bool {
for _, valKey := range key {
for _, valValue := range value {
if wildcard.Match(valKey, valValue) {
return true
}
}
}
return false
}
// isAllNotIn checks if all the values in S1 are not in S2
func isAnyNotIn(key []string, value []string) bool {
found := 0
for _, valKey := range key {
for _, valValue := range value {
if wildcard.Match(valKey, valValue) {
found++
break
}
}
}
if found < len(key) {
return true
} else {
return false
}
}
func (anyin AnyInHandler) validateValueWithBoolPattern(_ bool, _ interface{}) bool {
return false
}
func (anyin AnyInHandler) validateValueWithIntPattern(_ int64, _ interface{}) bool {
return false
}
func (anyin AnyInHandler) validateValueWithFloatPattern(_ float64, _ interface{}) bool {
return false
}
func (anyin AnyInHandler) validateValueWithMapPattern(_ map[string]interface{}, _ interface{}) bool {
return false
}
func (anyin AnyInHandler) validateValueWithSlicePattern(_ []interface{}, _ interface{}) bool {
return false
}

79
pkg/engine/variables/operator/anynotin.go Normal file
View file

@ -0,0 +1,79 @@
package operator
import (
"fmt"
"github.com/go-logr/logr"
"github.com/kyverno/kyverno/pkg/engine/context"
)
//NewAnyNotInHandler returns handler to manage AnyNotIn operations
func NewAnyNotInHandler(log logr.Logger, ctx context.EvalInterface) OperatorHandler {
return NotInHandler{
ctx: ctx,
log: log,
}
}
//AnyNotInHandler provides implementation to handle AnyNotIn Operator
type AnyNotInHandler struct {
ctx context.EvalInterface
log logr.Logger
}
//Evaluate evaluates expression with AnyNotIn Operator
func (anynin AnyNotInHandler) Evaluate(key, value interface{}) bool {
switch typedKey := key.(type) {
case string:
return anynin.validateValueWithStringPattern(typedKey, value)
case []interface{}:
var stringSlice []string
for _, v := range typedKey {
stringSlice = append(stringSlice, v.(string))
}
return anynin.validateValueWithStringSetPattern(stringSlice, value)
default:
anynin.log.Info("Unsupported type", "value", typedKey, "type", fmt.Sprintf("%T", typedKey))
return false
}
}
func (anynin AnyNotInHandler) validateValueWithStringPattern(key string, value interface{}) bool {
invalidType, keyExists := keyExistsInArray(key, value, anynin.log)
if invalidType {
anynin.log.Info("expected type []string", "value", value, "type", fmt.Sprintf("%T", value))
return false
}
return !keyExists
}
func (anynin AnyNotInHandler) validateValueWithStringSetPattern(key []string, value interface{}) bool {
invalidType, isAnyNotIn := anySetExistsInArray(key, value, anynin.log, true)
if invalidType {
anynin.log.Info("expected type []string", "value", value, "type", fmt.Sprintf("%T", value))
return false
}
return isAnyNotIn
}
func (anynin AnyNotInHandler) validateValueWithBoolPattern(_ bool, _ interface{}) bool {
return false
}
func (anynin AnyNotInHandler) validateValueWithIntPattern(_ int64, _ interface{}) bool {
return false
}
func (anynin AnyNotInHandler) validateValueWithFloatPattern(_ float64, _ interface{}) bool {
return false
}
func (anynin AnyNotInHandler) validateValueWithMapPattern(_ map[string]interface{}, _ interface{}) bool {
return false
}
func (anynin AnyNotInHandler) validateValueWithSlicePattern(_ []interface{}, _ interface{}) bool {
return false
}

1
pkg/engine/variables/operator/in.go
View file

@ -10,6 +10,7 @@ import (
"github.com/kyverno/kyverno/pkg/engine/context"
)
// deprecated
//NewInHandler returns handler to manage In operations
func NewInHandler(log logr.Logger, ctx context.EvalInterface) OperatorHandler {
return InHandler{

1
pkg/engine/variables/operator/notin.go
View file

@ -7,6 +7,7 @@ import (
"github.com/kyverno/kyverno/pkg/engine/context"
)
// deprecated
//NewNotInHandler returns handler to manage NotIn operations
func NewNotInHandler(log logr.Logger, ctx context.EvalInterface) OperatorHandler {
return NotInHandler{

14
pkg/engine/variables/operator/operator.go
View file

@ -35,12 +35,26 @@ func CreateOperatorHandler(log logr.Logger, ctx context.EvalInterface, op kyvern
strings.ToLower(string(kyverno.NotEquals)):
return NewNotEqualHandler(log, ctx)
// deprecated
case strings.ToLower(string(kyverno.In)):
return NewInHandler(log, ctx)
case strings.ToLower(string(kyverno.AnyIn)):
return NewAnyInHandler(log, ctx)
case strings.ToLower(string(kyverno.AllIn)):
return NewAllInHandler(log, ctx)
// deprecated
case strings.ToLower(string(kyverno.NotIn)):
return NewNotInHandler(log, ctx)
case strings.ToLower(string(kyverno.AnyNotIn)):
return NewAnyNotInHandler(log, ctx)
case strings.ToLower(string(kyverno.AllNotIn)):
return NewAllNotInHandler(log, ctx)
case strings.ToLower(string(kyverno.GreaterThanOrEquals)),
strings.ToLower(string(kyverno.GreaterThan)),
strings.ToLower(string(kyverno.LessThanOrEquals)),

16
pkg/kyverno/crds/policy_crd.go
View file

@ -152,11 +152,11 @@ const PolicyCRD = `
"type": "string"
},
"operator": {
"description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.",
"description": "operator represents a key's relationship to a set of values. Valid operators are In, AnyIn, AllIn, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn AnyNotIn, AllNotIn, Exists and DoesNotExist.",
"type": "string"
},
"values": {
"description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.",
"description": "values is an array of string values. If the operator is In, AnyIn, AllIn, NotIn, AnyNotIn or AllNotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.",
"items": {
"schema": {
"type": "string"
@ -204,11 +204,11 @@ const PolicyCRD = `
"type": "string"
},
"operator": {
"description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.",
"description": "operator represents a key's relationship to a set of values. Valid operators are In, AnyIn, AllIn, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn AnyNotIn, AllNotIn, Exists and DoesNotExist.",
"type": "string"
},
"values": {
"description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.",
"description": "values is an array of string values. If the operator is In, AnyIn, AllIn, NotIn, AnyNotIn or AllNotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.",
"items": {
"schema": {
"type": "string"
@ -370,11 +370,11 @@ const PolicyCRD = `
"type": "string"
},
"operator": {
"description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.",
"description": "operator represents a key's relationship to a set of values. Valid operators are In, AnyIn, AllIn, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn AnyNotIn, AllNotIn, Exists and DoesNotExist.",
"type": "string"
},
"values": {
"description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.",
"description": "values is an array of string values. If the operator is In, AnyIn, AllIn, NotIn, AnyNotIn or AllNotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.",
"items": {
"schema": {
"type": "string"
@ -422,11 +422,11 @@ const PolicyCRD = `
"type": "string"
},
"operator": {
"description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.",
"description": "operator represents a key's relationship to a set of values. Valid operators are In, AnyIn, AllIn, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn AnyNotIn, AllNotIn, Exists and DoesNotExist.",
"type": "string"
},
"values": {
"description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.",
"description": "values is an array of string values. If the operator is In, AnyIn, AllIn, NotIn, AnyNotIn or AllNotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.",
"items": {
"schema": {
"type": "string"